Questions and Answers of Information Technology Control And Audit
Describe current challenges of big data to organizations. How do these challenges impact project managers and the project management field?
How does a system development life cycle (SDLC) provide an environment that is conducive to successful systems development?
Summarize the common phases in the traditional system development life cycle (SDLC) approach.
A company is developing a new system. As the internal IT auditor, you recommend that planning for the new system development should be consistent with the SDLC framework. IT personnel have identified
Explain what conversion procedures refer to as part of implementing a new system.
Prepare a one-page, two-column audit program table listing all risks you can think of that are significant to any organization when implementing the SDLC phases. Next to the risks, list relevant IT
Why should disaster recovery plans be addressed during an implementation as opposed to after?
List advantages and disadvantages for each of the System Development approaches discussed in the chapter.
Why is a help desk function critical to system development? Discuss its interrelationship with the problem management and reporting system.
Differentiate between the various system test events. Describe what aspects of the system are covered during each event.
Why is it necessary for programmers to have good documentation as part of the operations and maintenance phase of the SDLC?
The chapter highlights nine key responsibilities for auditors when involved in a SD&I project. By becoming involved at strategic points during such process, auditors can ensure that the system being
Discuss how the IT auditor can benefit an organization’s system development and implementation process.
Differentiate between the two roles IT auditors can take on in a SD&I project.
Throughout the system development and implementation project, the IT auditor will make control recommendations to management resulting from identified findings. Explain why recommendations from IT
Explain why unauthorized remote access represents a risk to applications.
A company allows orders to be placed directly through its Web site. Describe the three most prominent application system risks that could contribute to unauthorized access to a customer’s order
Explain how incomplete, duplicate, and untimely processing can negatively impact applications.
A payroll department has a time sheet application where employees enter their hours worked. Describe the two most prominent application system risks and the controls that would help mitigate those
List seven common risks associated with EUD application systems.
Departments within a company have their own technical support person who creates and maintains the applications. Describe three risks associated with this practice. What controls would you recommend
How can EUD applications become incompatible systems?
Explain the significance of application controls and provide examples on how they are used to safeguard the input, processing, and output of information.
In today’s environment, the threat of computer viruses is high because of the unlimited number of sources from which they can be introduced. Computer viruses can be copied from a disk, downloaded
Explain what EDI means. Describe potential implications resulting from risks related to application systems exchanging electronic business information.
List and explain five secure coding principles and practices according to OWASP for Web applications.
Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do input controls refer to? Briefly describe what input
Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do processing controls refer to? Briefly describe what
Application controls can be described as techniques used to control the input, processing, and output of information in an application. What do output controls refer to? Briefly describe what output
Implementing policies, procedures, and techniques assist changes and modifications to systems (e.g., programs, applications, etc.) to be properly authorized, tested, approved, and carefully
Discuss what emergency changes are and why they require “special” attention from management.
Explain the benefits for organizations of implementing a well-defined and structured change control management process.
Discuss why revising documentation is an important part of change management.
Discuss the three types of changes typically implemented in systems and applications.
Explain the purpose of a change request form. Why should change request procedures be documented?
Using an Internet Web browser, search and examine two recent (within the last 5 years) situations where the implementation of changes and/or modifications to existing financial application systems
Describe the controls typically included when following good software distribution practices.
Following your recommendation, your organization just created a Change Control Management Board or Committee (Board) to oversee the recently-implemented change control management process. As the
Why are physical security and access controls important to organizations? List at least six examples of physical security and access controls.
Once approved, changes should be scheduled for implementation. At this point, all key people and departments affected by a change should be notified of the upcoming implementation. List those who may
Summarize how the National Institute of Standards and Technology defines the process of software configuration management.
Describe the interdependencies between IT change management and organizational change management.
What is the objective of a change control management audit? List at least seven procedures in a change control management audit.
Policies and procedures related to IS operations are considered essential for every IT environment, why?
Data processing controls help ensure that data is validly processed, and that any exceptions noted while processing will be detected and corrected. What are some of the key questions managers ask in
Explain the purpose of data center audits.
Differentiate between blackouts and brownouts. Research the Internet and provide one example where a blackout took place during the last five years. Do the same for a brownout.
List potential areas that backup policies, procedures, standards, and/or guidance should cover to ensure the availability of data significant to the operation of the organization.
Exhibit 12.1 lists common techniques used to commit cybercrimes. For each of these techniques, research the Internet and provide the names of one or two entities that have been impacted by such
What is the risk to organizations of not having a comprehensive business continuity plan in place in the event of an emergency?
As the Senior IT auditor, you are having a planning meeting with the client’s IT management. The IT manager is in the process of creating a disaster recovery plan (DRP) to put the organization in a
List control activities the IT auditor can perform to evaluate and test an organization’s DRP.
Mention potential areas a company policy related to End-user Computing groups should cover.
Explain each of the three organization’s strategic business objectives attained through implementation of information security. What are the associated risks that would prevent achieving them?
Pick two of the recent technologies discussed in this chapter that have already started to revolutionize organizations, how business is done, and the dynamics of the workplace. Describe the
List information, screenshots, reports, etc. that the IT auditor would likely request from a client in order to conduct an information security audit. Why is this information important for the IT
Briefly describe six commonly-used techniques used to commit cybercrimes according to this chapter.
A potential client asks you to provide a draft of the IT audit program (objectives and control procedures) you would use and follow in order to audit information security at her organization. Provide
Define COBIT. Describe the COBIT 5 principles that help organizations create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.
List and describe typical roles within information security, and their responsibilities in protecting the organization’s information.
Provide two or three examples of information security controls within the following management processes: a. Vulnerability b. Threat c. Trust d. Identity e. Incident
Information security test results should be recorded and, according to NIST, those test results should include?
The Company you work for is in the process of determining whether to have an information security audit (ISA) performed. Even though the Company is not (yet) required to have an ISA for compliance
List 10 sources for audit tools, best practices, and/or relevant audit information when performing information security audits that were discussed in this chapter.
Why is it important to have a strategy in place? What would be the goal of having such strategy?
Name and summarize control areas that the IT auditor should include in his or her review when examining a software acquisition.
List the seven basic steps of a software acquisition process.
As stated in the textbook, outsourcing refers to the transfer of service delivery to a third party, allowing companies to concentrate on core competencies. As the IT Audit Manager, your client asks
Describe the methods that can be used in gathering system requirements information.
Using an Internet web browser, search for AICPA’s Statement on Standards for Attestation Engagements (SSAE) No. 18, and perform the following: a. Explain the relevance of SSAE 18 and what does it
What are the advantages and disadvantages for contracted or in-house development?
When measuring application and infrastructure services, an important measure for both is the number of changes, why?
There are many tools available to assist organizations in implementing service management processes. Tools are needed to capture performance, usage metrics from the various platforms, and to
Distinguish between outsourcing and off-shoring.
Explain the following relevant terms and concepts when involved in an audit of a service organization. a. Service organization. b. User entity. c. Roles and responsibilities of user auditor. d.